Highlights of the Cybersecurity Standardization Conference

Sophia Antipolis, 5 February 2021

The European Standards Organizations, CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organize its annual conference virtually this year. The event, which took place from 2 to 4 February, attracted over 2000 participants from the EU and from around the world.

The conference addressed standardization in relation to the Radio Equipment Directive (RED) and certification under the provisions of the Cybersecurity Act (CSA).

Objectives of the conference

The purpose of the conference was twofold. The event presented the current developments in the areas. It was also intended to foster a dialogue among policy makers, industry, research, standardization and certification organizations, including all of those involved in the development of the ICT certification framework in Europe. The ultimate objective of the exercise is to enable an effective implementation of the Cybersecurity Act.

The objectives of the presentations and key topics addressed by the conference panels were the following:

  • Cybersecurity requirements and standardization activities under the scope of the Radio Equipment Directive

The presentation focused on the cybersecurity requirements of the Directive. The European Commission is preparing delegated acts as well as a request for standardization to CEN-CENELEC and ETSI. The panel highlighted the connection between the European regulatory requirements and explored how standardization can align with the EU policy goals in a global context. The participants were invited to discuss the link between the requirements of the RED and those associated with the Cybersecurity Act.

  • Standardization supporting the Cybersecurity Act

This part of the conference introduced the current state of play in cybersecurity standardization. The purpose of the discussion was also to draw attention to the gaps identified that need to the bridged. Each panellist was given the floor to present updates from their organizations. 

  • Developments on standardization in the area of Consumer IoT

The panel addressed the situation of standardization in this area in relation to the general security standard active since last year.

The attention was drawn on sectorial standards and whether standards for smart homes, the automotive or house appliance for instance would be relevant ones to address. Other interesting questions came up to liven the debate on the subsequent steps of certification, on how certification will impact end user behaviour or how to promote certified products.

  • Standardization of 5G: next steps foreseen

The panel engaged in a discussion on the progress made so far on the standardization of 5G. As preparations for a cybersecurity certification scheme for 5G networks are now beginning, important aspects needed to be addressed. It was important to stress the potential of certification given the number of initiatives already launched in the area and identify prospects for the future.

The last panel closed the conference on a discussion focused on the future of cybersecurity certification in general. It comes as the European Comission requested ENISA to prepare a candidate cybersecurity certification scheme on 5G networks on 3 February 2021.

How should the standardization activities be prepared? How should these activities match with and help achieve the goals of the Union rolling work programme? Such questions remain to be answered in a comprehensive way.

As evidenced by the high number of participants such questions obviously stimulate the interest of a very large audience showing how crucial it is to open the debate as widely as possible to respond to these challenges adequately. Therefore, the audience of the conference and the public at large are most likely to expect a follow-up edition to take place in early 2022.

The slides presented during the conference are available on the website of the Cybersecurity Standardization Conference.